Articles

By: (CISA, CISSP, CRISC)

Publication: Nebraska Banker, January/February 2017

There has been a lot of attention on website ADA compliance over the past few months. Several community banks have received demanding letters from law firms alleging the bank is violating the Americans with Disabilities Act (ADA). Purportedly these letters claim that unless the bank modifies its website to meet the World Wide Web Consortium’s Web Content Accessibility Guidelines (WCAG), the bank will continue to violate ADA. So, what does this mean? Let’s take a look at some common questions banks are asking about ADA compliance.

What is ADA compliance?


By:

The Kansas Banker Jan 2017

ADA website accessibility is a trending topic in the community banking industry. Why? Recently several financial institutions have received letters threatening lawsuits because banking websites are not “accessible.” The Americans with Disabilities Act (ADA), enacted in 1990, is a civil rights law created to prohibit discrimination against individuals with disabilities. In 2010, the Department of Justice (DOJ) initiated the rulemaking process concerning website accessibility. This process consists of calls for public comments on proposed rules, impact and cost analysis, and finally acceptance into the federal register. Since 2010, the process has been continually delayed. As of right now, finalized rules are expected to be released sometime in 2018, leaving no clear guidelines to follow at the moment. Without these guidelines in place, how can your bank protect itself from opportunistic legal battles while committing to provide an accessible site to your customers? Accessibility policies and vendor management are the answer.


By: (Security+)

Publication: The Colorado Banker, January/February 2017

If you spend much time with teenagers, you know they use a special version of the English language. A few months ago, I was introduced to the term “on fleek.” Personally, I never liked it, but by the time I worked up enough courage to use the term in a conversation, I was informed, “Alyssa, ‘on fleek’ is so last year. Now, we say ‘lit’.” (Rolling my eyes here.) While both terms can be used to describe something “awesome,” I tell you this to emphasize how difficult it can be to understand another language.


By: (Network+, CISA)

Publication: The Kansas Banker, December 2016

Raise your hand if you are tired of constantly changing your password and sticking to whatever arbitrary rules seem to be in place at the time. Okay, now put your hand down because you are most likely drawing unnecessary attention to yourself, especially if you are in a coffee shop or on your couch at home surrounded by family. Everyone seems to grumble about password length and expirations, but the truth is: strong passwords are a necessary complication and their use isn’t going away anytime soon. If anything, password complexity guidelines are shifting to be even more stringent, although there may be some light at the end of the extremely long tunnel.


By: (CISSP, CISA, Security+) and

Publication: Nebraska Banker, November/December 2016

One of the difficult tasks banks continue to face is educating customers on the importance of cybersecurity. You send inserts with your statements and provide pamphlets in your brick-and-mortar branch, but what is being absorbed?

On the other hand, when you are marketing, you target your audience through TV ads, flyers, magazines, tradeshows, signage, etc. – a variety of channels to reach a wide audience base. Try to think of educating your customers in the same way you would market to them. After all, one of the roles of marketing is to educate. As with marketing, you can’t expect to educate your target audience about cybersecurity through just one channel. So here are some ideas and channels to consider for providing cybersecurity education:


By: (Security+)

Publication: The Community Banker, Winter 2016

“DDoS attack that disrupted internet was largest of its kind in history, experts say,” was the headline from The Guardian on October 26th 2016. What followed explained how this attack brought down some servers that provided online gaming and streaming video services. As a banker who may have read a similar article, you may have thought to yourself, “So some kid couldn’t play his video game, so what?” It is hard to envision how something like a DDoS (Distributed Denial of Service) attack can affect the banking industry, but it can. First, it is important to understand what a DDoS attack is and then how it relates to information security in the financial industry.


By: (CISA, CISSP)

Publication: The Colorado Banker, November/December 2016

If I were to ask you to list your top security threats, how would you respond? No doubt many would mention cybersecurity, seemingly the hottest topic at bank technology conventions, forums and with examiners. A Google search for "top cybersecurity threats" produces lists like these:


Some of the aforementioned items might be in your own list and, like me, you may not even be familiar with some of these threats. How would you answer if I rephrased the question: "What is your weakest link in security?"

You Are the Weakest Link!


By: (Security+)

Publication: The Kansas Banker, November 2016

We know encryption is the bees’ knees; that’s why we’ve been coming up with ways to encrypt messages since the time of the ancient Greeks. But do our coworkers and family members understand what it means to use encryption in today’s technology landscape, if they’re using encryption at all?

In layman’s terms, encryption is about putting data inside a virtual safe and locking it with a key that only you have. In terms of communication, there are a series of locks and keys passed back and forth to turn your data into gibberish which can only be understood by the parties with the keys. 


By: (Security+)

Publication: Nebraska Banker, September/October 2016

I was recently invited to celebrate the birthday of a friend and was a bit confused when I arrived at the party. My friend is in a “seasoned” phase of life and there were bright pink decorations everywhere. As it turns out, my friend was sharing this birthday party with a very special person: a little girl who turned one year old. So much attention goes into this moment of newness. Every attendee needs several photos on their smartphone to show their friends later. My friend took a few minutes to open some cards, then it was back to the baby for the ever popular “baby destroys a cake” act.


By: (CISSP, CISA, Security+)

Publication: The Kansas Banker, September 2016

“It’s hard to educate customers… but we still have to try.” My boss uttered this the last time we broached the subject of customer education, and I think it perfectly captures the difficult task that banks are facing now and will continue to face in the future.

Customer education is sort of the grad school of training, right? Most of you are still working on training your employees not to click on links in email as you hope and pray that your social engineering test goes well this year. But customers? How do you create training materials for customers? How do you grab their attention when you don’t sign their paycheck?
